Re: [patch 0/15] lsm stacking v0.3: intro

From: serge
Date: Sat Jul 30 2005 - 14:14:50 EST

Quoting Tony Jones (tonyj@xxxxxxxxxxx):

Thanks, Tony. I'll address each of these in the next patchset. Just
two things I wanted to actually converse about:

> 5) /*
> * Workarounds for the fact that get and setprocattr are used only by
> * selinux. (Maybe)
> */
> No complaints on selinux getting to avoid the (module), they are intree.
> Just a FYI that SubDomain/AppArmor uses these hooks also.

And is it ok with using the "some_data (apparmor)" convention?

The special handling of selinux is intended to be temporary, due to the
large base of installed userspace which hasn't yet been updated. I
would imagine that at some point that code would go away.

> I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
> it would look at the value chain head only for the !case. But this comment
> still remains.

Yes, after I added the unlink function, it started to seem that the
special cases for !CONFIG_SECURITY_STACKER wouldn't be any faster than
the stacker versions. They still might be, but I'll have to think about
it. If I just ditch those, then I can probably ditch the whole
security-stack.h file, and move those declarations into security.h.
They were just in their own file because Stephen had pointed out that
switching between stacker and non-stacker would cause too much code to
be recompiled.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at